Marriott Breach: Unencrypted Passport Numbers, Payment Cards Leaked

Marriott Breach: Unencrypted Passport Numbers, Payment Cards Leaked

Marriott's mega-breach is somehow better, and worse.

  • By Sydny Shepard
  • Jan 09, 2019

Marriott International says its recently discovered mega-breach wasn't quite as bad as it first advertised. Marriott originally estimated that the breach exposed information of 500 million customers, but now believe only 383 million people were affected. 

"We concluded with a fair degree of certainty that information for fewer than 383 million unique guests was involved, although the company is not able to quantify that lower number because of the nature of the data in the database," Marriott said in its revised data breach notification.

Marriott also says that its breach investigation now counts 25.6 million passport numbers being exposed in the breach, of which 5.25 million were unencrypted. 

"There is no evidence that the unauthorized third party accessed the master encryption keys needed to decrypt the encrypted passport numbers," Marriott said, but that doesn't mean that the hackers couldn't later brute-force their way in.

Also exposed in the breach was approximately 8.6 million encrypted payment cards that were being stored by Marriott. If attackers were able to decrypt the card data, they could have been using the stolen card data since 2014 to commit fraud.

By the time the breach was discovered, Marriott said the majority of the payment cards were expired. Only 354,000 were still active as of September 2018. As with the passport data, Marriott has no reason to believe the third party accessed the encryption key needed to access the payment cards.

Back in December of 2018, the Marriott announced a breach of its Starwood guest reservation database. The information accessed included some combination of a name, mailing address, phone number, email, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation data and communication preferences.

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

Featured

Most   Popular

New Products

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles.

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.